[gentoo-commits] repo/gentoo:master commit in: net-dns/dnsviz/, net-dns/dnsviz/files/

[gentoo-commits] repo/gentoo:master commit in: net-dns/dnsviz/, net-dns/dnsviz/files/

[Thomas Deutschmann]

commit:     4b99c0e37947f6be1cdb6ff897477e590a0480a9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 22 12:19:49 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Aug 22 13:41:31 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b99c0e3

net-dns/dnsviz: replace libnacl with py-cryptography

This will also add Ed448 support.

Package-Manager: Portage-3.0.3, Repoman-3.0.0
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild              |  48 ++++++
 .../files/dnsviz-0.8.2-add-ed448-support.patch     | 182 +++++++++++++++++++++
 2 files changed, 230 insertions(+)

diff --git a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
new file mode 100644
index 00000000000..cffca2ff2de
--- /dev/null
+++ b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+inherit distutils-r1 eutils
+
+DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
+HOMEPAGE="https://dnsviz.net/"
+SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+	dev-python/dnspython[${PYTHON_USEDEP}]
+	>=dev-python/m2crypto-0.31.0[${PYTHON_USEDEP}]
+	>=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]
+	dev-python/setuptools[${PYTHON_USEDEP}]"
+
+RDEPEND="
+	${DEPEND}"
+
+PATCHES=( "${FILESDIR}"/${PN}-0.8.2-add-ed448-support.patch )
+
+python_prepare_all() {
+	# Fix the ebuild to use correct FHS/Gentoo policy paths for 0.8.2
+	sed -i "s*share/doc/dnsviz*share/doc/dnsviz-${PV}*g" "${S}"/setup.py || die
+
+	distutils-r1_python_prepare_all
+}
+
+pkg_postinst() {
+	elog "Support for extra feature can be get from:"
+	optfeature "Support for pre-deployment testing" net-dns/bind
+
+	# Warn about extra requirements for >=OpenSSL 1.1.0
+	if has_version '=dev-libs/openssl-1.1*'; then
+	   echo
+	   ewarn "With OpenSSL version 1.1.0 and later,the OpenSSL GOST Engine"
+	   ewarn "is necessary to validate DNSSEC signatures with algorithm 12"
+	   ewarn "(GOST R 34.10-2001) and digests of type 3 (GOST R 34.11-94)"
+	   ewarn "OpenSSL GOST Engine can be get from --> dev-libs/gost-engine"
+	fi
+}

diff --git a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
new file mode 100644
index 00000000000..1d4d88e97e6
--- /dev/null
+++ b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
@@ -0,0 +1,182 @@
+From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
+From: Pascal Ernster <git@hardfalcon.net>
+Date: Mon, 22 Jul 2019 04:25:18 +0200
+Subject: [PATCH] Replace libnacl with python-cryptography, add support for
+ algo 16 (Ed448)
+
+Origin: https://github.com/dnsviz/dnsviz/pull/54
+
+---
+ Dockerfile              |  2 +-
+ README.md               |  8 ++++----
+ contrib/dnsviz-py2.spec |  2 +-
+ contrib/dnsviz-py3.spec |  2 +-
+ dnsviz/crypto.py        | 30 +++++++++++++++++++++++++-----
+ requirements.txt        |  2 +-
+ setup.py                |  2 +-
+ 7 files changed, 34 insertions(+), 14 deletions(-)
+
+diff --git a/Dockerfile b/Dockerfile
+index dc6a0d9e..61a319de 100644
+--- a/Dockerfile
++++ b/Dockerfile
+@@ -2,7 +2,7 @@ FROM alpine:edge
+ 
+ RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
+ RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
+-	pip3 install pygraphviz m2crypto dnspython libnacl && \
++	pip3 install pygraphviz m2crypto dnspython cryptography && \
+ 	apk del builddeps
+ 
+ COPY . /tmp/dnsviz
+diff --git a/README.md b/README.md
+index e9dcda83..03d9c3dd 100644
+--- a/README.md
++++ b/README.md
+@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
+ 
+ * M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
+ 
+-* libnacl - https://github.com/saltstack/libnacl
++* Cryptography (2.6 or later) - https://cryptography.io/
+ 
+ Note that the software versions listed above are known to work with the current
+ version of DNSViz.  Other versions might also work well together, but might
+@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
+ ```
+ (Note that this installs the dependencies that are python packages, but some of
+ these packages have non-python dependecies, such as Graphviz (required for
+-pygraphviz) and libsodium (required for libnacl), that are not installed
++pygraphviz) and OpenSSL (required for Cryptography), that are not installed
+ automatically.)
+ 
+ Next download and install DNSViz from the Python Package Index (PyPI):
+@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
+ $ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
+ ```
+ 
+-Install dnspython, pygraphviz, M2Crypto, and libnacl.
++Install dnspython, pygraphviz, M2Crypto, and Cryptography.
+ ```
+-$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
++$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
+ ```
+ For python2:
+ ```
+diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
+index 0bea597b..65033c95 100644
+--- a/contrib/dnsviz-py2.spec
++++ b/contrib/dnsviz-py2.spec
+@@ -15,7 +15,7 @@ BuildRequires:  make
+ Requires:       python2-pygraphviz >= 1.3
+ Requires:       m2crypto >= 0.28.0
+ Requires:       python2-dns >= 1.13
+-Requires:       python2-libnacl
++Requires:       python2-cryptography
+ 
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
+index ef25f4b5..975f3e10 100644
+--- a/contrib/dnsviz-py3.spec
++++ b/contrib/dnsviz-py3.spec
+@@ -15,7 +15,7 @@ BuildRequires:  make
+ Requires:       python3-pygraphviz >= 1.3
+ Requires:       python3-m2crypto >= 0.28.0
+ Requires:       python3-dns >= 1.13
+-Requires:       python3-libnacl
++Requires:       python3-cryptography
+ 
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
+index b011cbf3..283eac4d 100644
+--- a/dnsviz/crypto.py
++++ b/dnsviz/crypto.py
+@@ -55,7 +55,7 @@
+         'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
+         'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
+         'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
+-        'libnacl': (set([15]), set(), set()),
++        'cryptography': (set([15,16]), set(), set()),
+ }
+ _logged_modules = set()
+ 
+@@ -72,12 +72,19 @@
+     _supported_digest_algs.update(set([1,2,4]))
+ 
+ try:
+-    from libnacl.sign import Verifier as ed25519Verifier
++    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+ except ImportError:
+     pass
+ else:
+     _supported_algs.add(15)
+ 
++try:
++    from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
++except ImportError:
++    pass
++else:
++    _supported_algs.add(16)
++
+ GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
+ GOST_ENGINE_NAME = b'gost'
+ GOST_DIGEST_NAME = b'GOST R 34.11-94'
+@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
+ 
+ def _validate_rrsig_ed25519(alg, sig, msg, key):
+     try:
+-        verifier = ed25519Verifier(binascii.hexlify(key))
+-        return verifier.verify(sig + msg) == msg
+-    except ValueError:
++        verifier = Ed25519PublicKey.from_public_bytes(key)
++        verifier.verify(sig, msg)
++    except:
+         return False
++    else:
++        return True
++
++def _validate_rrsig_ed448(alg, sig, msg, key):
++    try:
++        verifier = Ed448PublicKey.from_public_bytes(key)
++        verifier.verify(sig, msg)
++    except:
++        return False
++    else:
++        return True
+ 
+ def validate_rrsig(alg, sig, msg, key):
+     if not alg_is_supported(alg):
+@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
+         return _validate_rrsig_ec(alg, sig, msg, key)
+     elif alg in (15,):
+         return _validate_rrsig_ed25519(alg, sig, msg, key)
++    elif alg in (16,):
++        return _validate_rrsig_ed448(alg, sig, msg, key)
+ 
+ def get_digest_for_nsec3(val, salt, alg, iterations):
+     if not nsec3_alg_is_supported(alg):
+diff --git a/requirements.txt b/requirements.txt
+index d6b2de5e..af2be235 100644
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -1,4 +1,4 @@
+ dnspython
+ pygraphviz
+ m2crypto
+-libnacl
++cryptography
+diff --git a/setup.py b/setup.py
+index ba1016e3..b531c025 100644
+--- a/setup.py
++++ b/setup.py
+@@ -135,7 +135,7 @@ def run(self):
+                 'pygraphviz (>=1.1)',
+                 'm2crypto (>=0.24.0)',
+                 'dnspython (>=1.11)',
+-                'libnacl',
++                'cryptography (>=2.6)',
+         ],
+         classifiers=[
+                 'Development Status :: 5 - Production/Stable',

[gentoo-commits] repo/gentoo:master commit in: net-dns/dnsviz/, net-dns/dnsviz/files/

[David Seifert]

commit:     b75315181abeabf4bae2e6724d748702854dfa9d
Author:     Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
AuthorDate: Sat Jul  2 15:13:55 2022 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 15:13:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7531518

net-dns/dnsviz: drop 0.8.2-r1, 0.9.2, 0.9.3

Closes: https://github.com/gentoo/gentoo/pull/26202
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 net-dns/dnsviz/Manifest                            |   3 -
 net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild              |  61 -------
 net-dns/dnsviz/dnsviz-0.9.2.ebuild                 |  52 ------
 net-dns/dnsviz/dnsviz-0.9.3.ebuild                 |  52 ------
 .../files/dnsviz-0.8.2-add-ed448-support.patch     | 182 ---------------------
 5 files changed, 350 deletions(-)

diff --git a/net-dns/dnsviz/Manifest b/net-dns/dnsviz/Manifest
index 297267a16d5e..ed5d40952fa9 100644
--- a/net-dns/dnsviz/Manifest
+++ b/net-dns/dnsviz/Manifest
@@ -1,4 +1 @@
-DIST dnsviz-0.8.2.tar.gz 404265 BLAKE2B c4ba6b5a7d6fee7c8e2cba0c90f29560152dd4beed1ef4d80a6a3bf9f81646ee8f0d61c38329233e300f2b434cb5d9e9d2a926dc72997ae68ff0a57e147bafcf SHA512 5414d9bda6c0bf5fdc5a84a09cb5833619110702749b12f87d63f5149de473f4bd1b6960c506c60ec5fc5ff82d789536cee70a299ff13c960a45776de2916c80
-DIST dnsviz-0.9.2.tar.gz 477947 BLAKE2B 62b94e6b05d1129d5c4655ff1faf8adb3c2eec868db6049e09dd180cebccab94412eee25293d83ec3e6bc5b18fae33ba0acfe3c3b30cececdd4952005879eab0 SHA512 8ad9e1aabb4704ff4939617532c32e5edde0d369efd2e4a7a6f30d33b8bac941b2d1073e98fed90e2a11438a0b1c18b8fafe07f4122fb888ebdb24bd2426abf6
-DIST dnsviz-0.9.3.tar.gz 477931 BLAKE2B e3e020fdddacdf06a4e7b78edade72136d6530dac5b243b30e97f609c9fb3b912fb6d6c00b8c54e17f1d2ba411a2b116f9cb89bfc51c01f43d8a1a03a00755aa SHA512 8ccaa29df6cc7824db7153950d5cb423d1ac7a76ae20a15b35c2e66d362b3340e23a9973f71b884ea7e7b861e2bb0051e32abc3e45795792a7db3b01b62449c5
 DIST dnsviz-0.9.4.tar.gz 477971 BLAKE2B 3c8bebcea89bc6e78247c45c4266f73be4f9f618bfaa48a47460a43deb4789fe71eaa77eb4ff59c2d8e863cdfdddaf5908279aad93ffd63fdbe16d0966aa943b SHA512 b88d0ddff6279078a5222b4250a404c39db6d896d57bba51c878c8b8d01582deda2fe67b5f6370d7a98389e09ad46bdf3903d77fee91c0291b14a9109f1739e3

diff --git a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
deleted file mode 100644
index e3feb492a94d..000000000000
--- a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8} )
-inherit distutils-r1 optfeature
-
-DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
-HOMEPAGE="https://dnsviz.net/"
-SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND="
-	dev-python/dnspython[${PYTHON_USEDEP}]
-	>=dev-python/m2crypto-0.31.0[${PYTHON_USEDEP}]
-	>=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
-
-RDEPEND="
-	${DEPEND}"
-
-PATCHES=( "${FILESDIR}"/${PN}-0.8.2-add-ed448-support.patch )
-
-python_prepare_all() {
-	# Fix the ebuild to use correct FHS/Gentoo policy paths for 0.8.2
-	sed -i \
-		-e "s|share/doc/dnsviz|share/doc/${PF}|g" \
-			"${S}"/setup.py \
-			|| die
-
-	distutils-r1_python_prepare_all
-}
-
-python_test() {
-	distutils_install_for_testing
-
-	"${EPYTHON}" tests/offline_tests.py -v || die
-
-	# No need to pull in net-dns/bind for this small test
-	if hash named-checkconf &>/dev/null ; then
-		"${EPYTHON}" tests/local_probe_tests.py -v || die
-	else
-		einfo "Skipping local_probe_tests -- named-checkconf not found!"
-	fi
-}
-
-pkg_postinst() {
-	optfeature "Support for pre-deployment testing" net-dns/bind
-
-	# Warn about extra requirements for >=OpenSSL 1.1.0
-	if has_version '=dev-libs/openssl-1.1*'; then
-		ewarn "With OpenSSL version 1.1.0 and later,the OpenSSL GOST Engine"
-		ewarn "is necessary to validate DNSSEC signatures with algorithm 12"
-		ewarn "(GOST R 34.10-2001) and digests of type 3 (GOST R 34.11-94)"
-		ewarn "OpenSSL GOST Engine can be get from --> dev-libs/gost-engine"
-	fi
-}

diff --git a/net-dns/dnsviz/dnsviz-0.9.2.ebuild b/net-dns/dnsviz/dnsviz-0.9.2.ebuild
deleted file mode 100644
index d1f444d39db4..000000000000
--- a/net-dns/dnsviz/dnsviz-0.9.2.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-inherit distutils-r1 optfeature
-
-DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
-HOMEPAGE="https://dnsviz.net/"
-SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="test? ( net-dns/bind )"
-
-DEPEND=">=dev-python/dnspython-1.13[${PYTHON_USEDEP}]
-	>=dev-python/m2crypto-0.37.0[${PYTHON_USEDEP}]
-	>=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
-
-RDEPEND="${DEPEND}"
-
-python_prepare_all() {
-	# Fix the ebuild to use correct FHS/Gentoo policy paths
-	sed -i \
-		-e "s|share/doc/dnsviz|share/doc/${PF}|g" \
-			"${S}"/setup.py \
-			|| die
-
-	distutils-r1_python_prepare_all
-}
-
-python_test() {
-	distutils_install_for_testing
-
-	"${EPYTHON}" tests/dnsviz_probe_run_offline.py -v || die
-	"${EPYTHON}" tests/dnsviz_print_options.py -v || die
-	"${EPYTHON}" tests/dnsviz_print_run.py -v || die
-	"${EPYTHON}" tests/dnsviz_graph_options.py -v || die
-	"${EPYTHON}" tests/dnsviz_graph_run.py -v || die
-	"${EPYTHON}" tests/dnsviz_grok_options.py -v || die
-	"${EPYTHON}" tests/dnsviz_grok_run.py -v || die
-}
-
-pkg_postinst() {
-	optfeature "Support for pre-deployment testing" net-dns/bind
-	optfeature "Support for DNSSEC signatures using GOST algorithm or digest" dev-libs/ghost-engine
-}

diff --git a/net-dns/dnsviz/dnsviz-0.9.3.ebuild b/net-dns/dnsviz/dnsviz-0.9.3.ebuild
deleted file mode 100644
index d1f444d39db4..000000000000
--- a/net-dns/dnsviz/dnsviz-0.9.3.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-inherit distutils-r1 optfeature
-
-DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
-HOMEPAGE="https://dnsviz.net/"
-SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="test? ( net-dns/bind )"
-
-DEPEND=">=dev-python/dnspython-1.13[${PYTHON_USEDEP}]
-	>=dev-python/m2crypto-0.37.0[${PYTHON_USEDEP}]
-	>=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
-
-RDEPEND="${DEPEND}"
-
-python_prepare_all() {
-	# Fix the ebuild to use correct FHS/Gentoo policy paths
-	sed -i \
-		-e "s|share/doc/dnsviz|share/doc/${PF}|g" \
-			"${S}"/setup.py \
-			|| die
-
-	distutils-r1_python_prepare_all
-}
-
-python_test() {
-	distutils_install_for_testing
-
-	"${EPYTHON}" tests/dnsviz_probe_run_offline.py -v || die
-	"${EPYTHON}" tests/dnsviz_print_options.py -v || die
-	"${EPYTHON}" tests/dnsviz_print_run.py -v || die
-	"${EPYTHON}" tests/dnsviz_graph_options.py -v || die
-	"${EPYTHON}" tests/dnsviz_graph_run.py -v || die
-	"${EPYTHON}" tests/dnsviz_grok_options.py -v || die
-	"${EPYTHON}" tests/dnsviz_grok_run.py -v || die
-}
-
-pkg_postinst() {
-	optfeature "Support for pre-deployment testing" net-dns/bind
-	optfeature "Support for DNSSEC signatures using GOST algorithm or digest" dev-libs/ghost-engine
-}

diff --git a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
deleted file mode 100644
index 1d4d88e97e6d..000000000000
--- a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
-From: Pascal Ernster <git@hardfalcon.net>
-Date: Mon, 22 Jul 2019 04:25:18 +0200
-Subject: [PATCH] Replace libnacl with python-cryptography, add support for
- algo 16 (Ed448)
-
-Origin: https://github.com/dnsviz/dnsviz/pull/54
-
----
- Dockerfile              |  2 +-
- README.md               |  8 ++++----
- contrib/dnsviz-py2.spec |  2 +-
- contrib/dnsviz-py3.spec |  2 +-
- dnsviz/crypto.py        | 30 +++++++++++++++++++++++++-----
- requirements.txt        |  2 +-
- setup.py                |  2 +-
- 7 files changed, 34 insertions(+), 14 deletions(-)
-
-diff --git a/Dockerfile b/Dockerfile
-index dc6a0d9e..61a319de 100644
---- a/Dockerfile
-+++ b/Dockerfile
-@@ -2,7 +2,7 @@ FROM alpine:edge
- 
- RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
- RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
--	pip3 install pygraphviz m2crypto dnspython libnacl && \
-+	pip3 install pygraphviz m2crypto dnspython cryptography && \
- 	apk del builddeps
- 
- COPY . /tmp/dnsviz
-diff --git a/README.md b/README.md
-index e9dcda83..03d9c3dd 100644
---- a/README.md
-+++ b/README.md
-@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
- 
- * M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
- 
--* libnacl - https://github.com/saltstack/libnacl
-+* Cryptography (2.6 or later) - https://cryptography.io/
- 
- Note that the software versions listed above are known to work with the current
- version of DNSViz.  Other versions might also work well together, but might
-@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
- ```
- (Note that this installs the dependencies that are python packages, but some of
- these packages have non-python dependecies, such as Graphviz (required for
--pygraphviz) and libsodium (required for libnacl), that are not installed
-+pygraphviz) and OpenSSL (required for Cryptography), that are not installed
- automatically.)
- 
- Next download and install DNSViz from the Python Package Index (PyPI):
-@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
- $ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
- ```
- 
--Install dnspython, pygraphviz, M2Crypto, and libnacl.
-+Install dnspython, pygraphviz, M2Crypto, and Cryptography.
- ```
--$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
-+$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
- ```
- For python2:
- ```
-diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
-index 0bea597b..65033c95 100644
---- a/contrib/dnsviz-py2.spec
-+++ b/contrib/dnsviz-py2.spec
-@@ -15,7 +15,7 @@ BuildRequires:  make
- Requires:       python2-pygraphviz >= 1.3
- Requires:       m2crypto >= 0.28.0
- Requires:       python2-dns >= 1.13
--Requires:       python2-libnacl
-+Requires:       python2-cryptography
- 
- %description
- DNSViz is a tool suite for analysis and visualization of Domain Name System
-diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
-index ef25f4b5..975f3e10 100644
---- a/contrib/dnsviz-py3.spec
-+++ b/contrib/dnsviz-py3.spec
-@@ -15,7 +15,7 @@ BuildRequires:  make
- Requires:       python3-pygraphviz >= 1.3
- Requires:       python3-m2crypto >= 0.28.0
- Requires:       python3-dns >= 1.13
--Requires:       python3-libnacl
-+Requires:       python3-cryptography
- 
- %description
- DNSViz is a tool suite for analysis and visualization of Domain Name System
-diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
-index b011cbf3..283eac4d 100644
---- a/dnsviz/crypto.py
-+++ b/dnsviz/crypto.py
-@@ -55,7 +55,7 @@
-         'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
-         'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
-         'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
--        'libnacl': (set([15]), set(), set()),
-+        'cryptography': (set([15,16]), set(), set()),
- }
- _logged_modules = set()
- 
-@@ -72,12 +72,19 @@
-     _supported_digest_algs.update(set([1,2,4]))
- 
- try:
--    from libnacl.sign import Verifier as ed25519Verifier
-+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
- except ImportError:
-     pass
- else:
-     _supported_algs.add(15)
- 
-+try:
-+    from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
-+except ImportError:
-+    pass
-+else:
-+    _supported_algs.add(16)
-+
- GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
- GOST_ENGINE_NAME = b'gost'
- GOST_DIGEST_NAME = b'GOST R 34.11-94'
-@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
- 
- def _validate_rrsig_ed25519(alg, sig, msg, key):
-     try:
--        verifier = ed25519Verifier(binascii.hexlify(key))
--        return verifier.verify(sig + msg) == msg
--    except ValueError:
-+        verifier = Ed25519PublicKey.from_public_bytes(key)
-+        verifier.verify(sig, msg)
-+    except:
-         return False
-+    else:
-+        return True
-+
-+def _validate_rrsig_ed448(alg, sig, msg, key):
-+    try:
-+        verifier = Ed448PublicKey.from_public_bytes(key)
-+        verifier.verify(sig, msg)
-+    except:
-+        return False
-+    else:
-+        return True
- 
- def validate_rrsig(alg, sig, msg, key):
-     if not alg_is_supported(alg):
-@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
-         return _validate_rrsig_ec(alg, sig, msg, key)
-     elif alg in (15,):
-         return _validate_rrsig_ed25519(alg, sig, msg, key)
-+    elif alg in (16,):
-+        return _validate_rrsig_ed448(alg, sig, msg, key)
- 
- def get_digest_for_nsec3(val, salt, alg, iterations):
-     if not nsec3_alg_is_supported(alg):
-diff --git a/requirements.txt b/requirements.txt
-index d6b2de5e..af2be235 100644
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -1,4 +1,4 @@
- dnspython
- pygraphviz
- m2crypto
--libnacl
-+cryptography
-diff --git a/setup.py b/setup.py
-index ba1016e3..b531c025 100644
---- a/setup.py
-+++ b/setup.py
-@@ -135,7 +135,7 @@ def run(self):
-                 'pygraphviz (>=1.1)',
-                 'm2crypto (>=0.24.0)',
-                 'dnspython (>=1.11)',
--                'libnacl',
-+                'cryptography (>=2.6)',
-         ],
-         classifiers=[
-                 'Development Status :: 5 - Production/Stable',